2 Replies Latest reply on Apr 10, 2002 8:48 AM by rphall

JAAS authentication using Kerberos or Certificates

pibakke Nov 28, 2001 12:21 PM

Hi

I have recently started to use/evaluate Jboss and found the support for JAAS Based Security to be well documented and working exactly according to the documentation.

However, our project would require several different authentication schemas based on:
- User name and password (for Web access)
- Client certificate (for B2B services)
- Some sort of Single-Sign-On (Kerberos?) for
SSO between applications

Furthermore, after the clients are authenticated, we would require role based authorization similar to what is demonstrated in the Jboss JAAS example (with users and roles in a database).

Now to my question:
1) Is there a simple way of authenticating client using certificates, map the certificate to a user defined in a database and get authorization based on roles defined for the user.
2) Similar question as above using some sort of Kerberos login module?
3) What would I need to write myself, and what is supported by Jboss?

If it makes any diference, we would like to run a Tomcat Web server on a different machine than the Jboss application server.

Regards,
Per-Ivar

1. Re: JAAS authentication using Kerberos or Certificates

pibakke Nov 29, 2001 2:26 AM (in response to pibakke)

Hi again

Just an additional remark!!

I have noticed that J2SDK 1.4 (beta) ships with two additional login modules (Krb5LoginModule and KeyStoreLoginModule). However, from the documentation provided by Sun, it is not clear to me how (if) these login modules help me in obtaining the fine-grained access control described above.

Regards,
Per-Ivar
Actions
2. Re: JAAS authentication using Kerberos or Certificates

rphall Apr 10, 2002 8:48 AM (in response to pibakke)

Per-Ivar:

Have you been able to authenticate clients using Kerberos?

- Rick Hall
Actions

Go to original post